A website will frequently request that a user provide personal information in order to use a service that the website provides. For example, the website may gather personal information to register a new account for the user, to authenticate the user, or to process the user's payment. In order to gather this information from the user, the website will often present the user with a “form”. A form, or web form, is a structured web document with spaces, called “form fields”, reserved for entering information. Forms are a ubiquitous means for gathering user input on the World Wide Web.
As people have become accustomed to providing personal information to websites through forms, identity theft has increased. An identity thief may present a user with a web form—often resembling or exactly mirroring a web form of a trusted website—that requests personal information. The unsuspecting user may then provide the criminal with passwords, credit card numbers, or other personal information.
There are other problems that are specific to the use of username and password forms for website authentication. People often choose short passwords which are based on words in the dictionary or names. These types of passwords are easier to guess or crack than lengthy, randomized passwords. In addition, people commonly use the same password for multiple websites, which increases the level of risk they are exposed to if the password for one website is compromised. If a person wishes to use passwords that are lengthy, random and unique, personal password management becomes a serious chore, as the person may have difficulty remembering the passwords without writing them down.
In order to facilitate digital information exchange that is more secure, uniform and user-friendly, an open-ended, interoperable system of digital identification has been developed. This system of digital identification is often referred to as an “identity metasystem”.
In at least one conventional implementation, the identity metasystem provides a secure mechanism by which a user can manage and use digital identities. The identity metasystem makes digital information exchange more uniform and user-friendly, and helps prevent identity theft by providing a secure means for users to provide information over the internet to verifiable parties. Some of the user's digital identities may be self-issued, whereas others may be provided by a trusted third party. The entity—whether it be the user or a third party—that issues a digital identity is called an “identity provider”. A party, such as a website, that requests and uses information from a digital identity is referred to as a “relying party”. If a user navigates to a website that is a legitimate relying party, browser-embedded “identity selector” software will allow the user to select an information card that represents a digital identity to be sent to the site. Once a digital identity is selected, the identity selector facilitates the secure exchange of encrypted packages of digital identity data called “security tokens” between the identity provider and the relying party. MICROSOFT® WINDOWS CARDSPACE® is an example of identity selector software.